7 years ago · a4640001b7
--- a/etc/ipv4.conf
+++ b/etc/ipv4.conf
@@ -24,6 +24,15 @@ EnableTrustedv4Hosts="yes"
 # Values: no | yes (default)
 Enablev4MSSClamp="yes"

 # Enable connection tracking features of netfilter/iptables
 # conntracking allows the firewall to be smart about what
 # packets it allows and refuses.  On highly loaded systems or
 # ones with low memory, this may be desirable.  Everyone else
 # should probably leave this on.
 # Depended on by: Enablev4NAT
 # Values: no | yes (default)
 Enablev4ConnectionTracking="yes"

 # Use /etc/resolv.conf as source for DNS servers that we communicate
 # with as a client.  If you turn this off (recommended if on static IP),
 # then you will need to manually define the DNS servers you use.
@@ -62,5 +71,6 @@ Enablev4Forwarding="yes"
 # Enable IPv4 NAT/NETMAP rules
 # This allows you to set up NAT rules, SNAT, MASQ, and NETMAP
 # Config file: ipv4/nat.conf
 # Requires: Enablev4ConnectionTracking="yes"
 # Values: no | yes (default)
 Enablev4NAT="yes"
--- a/etc/ipv6.conf
+++ b/etc/ipv6.conf
@@ -24,6 +24,15 @@ EnableTrustedv6Hosts="yes"
 # Values: no | yes (default)
 Enablev6MSSClamp="yes"

 # Enable connection tracking features of netfilter/iptables
 # conntracking allows the firewall to be smart about what
 # packets it allows and refuses.  On highly loaded systems or
 # ones with low memory, this may be desirable.  Everyone else
 # should probably leave this on.
 # Depended on by: Enablev6NAT
 # Values: no | yes (default)
 Enablev6ConnectionTracking="yes"

 # Use /etc/resolv.conf as source for DNS servers that we communicate
 # with as a client.  If you turn this off (recommended if on static IP),
 # then you will need to manually define the DNS servers you use.
@@ -62,5 +71,6 @@ Enablev6Forwarding="yes"
 # Enable IPv6 NAT/NETMAP rules
 # This allows you to set up NAT rules, SNAT, MASQ, and NETMAP
 # Config file: ipv4/nat.conf
 # Requires: Enablev6ConnectionTracking="yes"
 # Values: no | yes (default)
 Enablev6NAT="yes"
--- a/lib/iptables.inc
+++ b/lib/iptables.inc
@@ -372,6 +372,9 @@ function enable_nat {
 				IPVER="4" ;;
 	esac
 	${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} loading"
 	([[ ${IPVER} == "4" ]] && [[ ${Enablev4ConnectionTracking} != "yes" ]]) && ${display} RED "${FUNCNAME}: ERROR:${DEFAULT_COLOR} Unable to load NAT rules if Enablev4ConnectionTracking=no" && return 1
 	([[ ${IPVER} == "6" ]] && [[ ${Enablev6ConnectionTracking} != "yes" ]]) && ${display} RED "${FUNCNAME}: ERROR:${DEFAULT_COLOR} Unable to load NAT rules if Enablev6ConnectionTracking=no" && return 1

 	if [ -e "${FWCONFIGDIR}/ipv${IPVER}/nat.conf" ]; then
 		${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} read ${FWCONFIGDIR}/ipv${IPVER}/nat.conf successful"
 		while read -r type srcinterface srcaddress dstinterface dstaddress; do
@@ -411,4 +414,5 @@ function enable_nat {
 			done < "${FWCONFIGDIR}/ipv${IPVER}/nat.conf"
 		${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} done"
 	fi
 		
 }